Fri, 28 Oct 2016 19:29:38 +0200
adds chdir before cgi execution
src/server/safs/cgi.c | file | annotate | diff | comparison | revisions | |
src/server/safs/cgiutils.c | file | annotate | diff | comparison | revisions |
--- a/src/server/safs/cgi.c Thu Oct 27 16:56:00 2016 +0200 +++ b/src/server/safs/cgi.c Fri Oct 28 19:29:38 2016 +0200 @@ -141,6 +141,25 @@ p->pid = fork(); if(p->pid == 0) { // child + + // get script directory and script name + sstr_t script = sstr(path); + sstr_t parent; + int len = strlen(path); + for(int i=len-1;i>=0;i--) { + if(path[i] == '/') { + script = sstrn(path + i + 1, len - i); + parent = sstrdup(sstrn(path, i)); + if(chdir(parent.ptr)) { + perror("cgi_start: chdir"); + free(parent.ptr); + exit(-1); + } + free(parent.ptr); + break; + } + } + if(dup2(p->in[0], STDIN_FILENO) == -1) { perror("cgi_start: dup2"); exit(EXIT_FAILURE); @@ -155,7 +174,7 @@ close(p->in[1]); // execute program - exit(execve(path, argv, envp)); + exit(execve(script.ptr, argv, envp)); } else { // parent close(p->out[1]);
--- a/src/server/safs/cgiutils.c Thu Oct 27 16:56:00 2016 +0200 +++ b/src/server/safs/cgiutils.c Fri Oct 28 19:29:38 2016 +0200 @@ -76,7 +76,7 @@ // Escape any shell characters (does a MALLOC on our behalf) char c = *q; *q = '\0'; - argv[i] = util_sh_escape(arg); // TODO + argv[i] = util_sh_escape(arg); *q = c; // Unescape this arg, bailing on error